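Matcha Daifuku's Diary

Links to security topics and IT articles that caught my attention.

Trend Micro Deep Security 11.0 Update 4 Release Announcement: Support Information: Trend Micro @ Feature additions and cumulative fixes

Deep Security 11 Update 4 release: cumulative changes and feature additions.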

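The Deep Security 11.0 Update 4 modules are now being released.
■ Release date

Monday, December 10, 2018

■ Applicable modules

Deep Security Manager
Deep Security Agent for Linux
Deep Security Agent for Windows
Deep Security Notifier for Windows
■ New features / fixes

For new features and fixes, see the accompanying Readme.
* The Japanese Readme will be published within approximately one month.

■ How to obtain

Available for download from the Deep Security Help Center.
"Deep Security Help Center"
Please also refer to the following product Q&A.
What is an Update program?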

Support Information: Trend Micro

Deep Security Manager

2. What's New
========================================================================

   2.1 Enhancements
   =====================================================================
   This release contains the following enhancement:
   
   Enhancement 1: [DSSEG-2784]
                  The versions of Apache Tomcat used in Deep Security 
                  Manager have been upgraded to 8.5.34.
                  
   Enhancement 2: [DSSEG-2792]
                  A new 'Include time zone in events' check box has 
                  been added to the SIEM and syslog configuration in 
                  Deep Security Manager under "Administration > System 
                  Settings > Event Forwarding > Edit > General" tab.                 
                  
   Enhancement 3: [DSSEG-2993]
                  In a multi-tenant Deep Security Manager environment, 
                  alert emails now include the Tenant Name and Tenant ID.                  
                                                      
   Enhancement 4: [DSSEG-2990]
                  When generating a diagnostics package in Deep Security 
                  Manager running on Windows, if you select the "System 
                  Information" option, the diagnostics package will now 
                  include the manager's msinfo file.                     

   2.2 Resolved Known Issues
   =====================================================================
   This release resolves the following issue(s):
   
   Issue 1:       [DSSEG-3068]
                  Deep Security Manager included null pointer exceptions
                  in the server0.log file when "Offline" system events
                  (event ID 730) were set to not record.
   
   Solution 1:    This issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 2:       [DSSEG-3060]
                  The Terminated Host Purge job occasionally would not
                  remove agents if it encountered a deadlock in the
                  database.
   
   Solution 2:    The issue is fixed in this release. The Terminated
                  Host Purge job will try to remove agents in smaller
                  batches, to reduce the likelihood of encountering
                  deadlock, and will retry upon failure.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 3:       [DSSEG-3027]
                  UNC paths could not be added to Behavior Monitoring
                  Protection Exceptions.
   
   Solution 3:    This issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 4:       [DSSEG-2996/SF01221054/SEG-37404]
                  The Soap API securityUpdateApply() returned a null
                  pointer exception.
   
   Solution 4:    This issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 5:       [DSSEG-2956]
                  Previously, deadlock issues occurred when updating
                  activeHostErrors records, which heavily impacted
                  heartbeats.
   
   Solution 5:    This issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 6:       [DSSEG-2938]
                  The Deep Security Manager could not connect with all
                  AWS WorkSpaces instances.
   
   Solution 6:    This issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 7:       [DSSEG-2899]
                  The Inactive Agent Cleanup feature sometimes did not
                  work because the upgrade process inserted null values
                  when migrating data from the hosts table to the
                  hostvolatiles table.
   
   Solution 7:    The issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                  
   Issue 8:       [DSSEG-2900]
                  The Inactive Agent Cleanup feature occasionally would 
                  not remove agents if it encountered deadlock in the 
                  database.
   
   Solution 8:    The issue is fixed in this release. The Inactive Agent 
                  Cleanup feature will try to remove agents in smaller 
                  batches, to reduce the likelihood of encountering 
                  deadlock, and will retry upon failure. 
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                  
   Issue 9:       [DSSEG-2983]
                  Deep Security Manager was not able to synchronize with 
                  Azure accounts using the Azure connector in an 
                  air-gapped environment. This was because the Azure 
                  connector used the ADAL4j library to retrieve the 
                  access token. This implementation has a limitation in 
                  handling a proxy with username/password authentication, 
                  which caused timeout exceptions in air-gapped 
                  environments.
   
   Solution 9:    Deep Security Manager now uses the Azure REST API to 
                  retrieve the access token. This new implementation 
                  works with an authenticated proxy in air-gapped 
                  environments.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~                  

Deep Security Agent Linux

2. What's New
========================================================================

   2.1 Enhancements
   =====================================================================
   The following enhancement(s) are included in this release:

   Enhancement 1: [DSSEG-3090/SEG-37605]
                  This release updates the Anti-Malware scan engine to
                  the latest version.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Enhancement 2: [DSSEG-3023]
                  The version of zlib used by the Deep Security Agent
                  has been updated to zlib-1.2.11.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Enhancement 3: [DSSEG-2971]
                  The version of curl used by the Deep Security Agent
                  has been updated to curl-7.61.1.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  
   2.2 Resolved Known Issues
   =====================================================================
   This release resolves the following issue(s):
   
   Issue 1:       [DSSEG-3091]
                  In certain configurations, the Deep Security Agent
                  kernel driver loaded an incorrect configuration,
                  causing an OS crash.
   
   Solution 1:    This issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 2:       [DSSEG-3033]
                  Deep Security Agent running on Ubuntu 18.04 on Azure
                  was not activated into Microsoft Azure cloud accounts.
   
   Solution 2:    This issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 3:       [DSSEG-3012]
                  An unactivated Deep Security Agent reached 100%
                  CPU usage when handling a long HTTPS request.
   
   Solution 3:    The issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 4:       [DSSEG-3006/SEG-33124]
                  The Anti-malware driver had a compatibility issue with
                  a GFS2/GFS cluster environment.
   
   Solution 4:    This issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 5:       [DSSEG-2933]
                  The TrendX PIT test sample was not detected and
                  quarantined as expected, because the scan flow
                  overwrote the detection action rather than determine
                  the action according to the scan engine.
   
   Solution 5:    This issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 6:       [DSSEG-2891/SEG-34463]
                  The Agent operating system could crash when Anti-
                  Malware was enabled or the Agent was stopped.
   
   Solution 6:    This issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 7:       [DSSEG-2877/00386295/00461478/573707/00487753/SEG-5825]
                  Users who are not using a local Smart Protection
                  Server (SPS) reported many dropped retransmit
                  "rxjammed" events in the Firewall when using Web
                  Reputation Service, which caused the Firewall logs to
                  fill up.
   
   Solution 7:    Dropped Retransmit "rxjammed" events are no longer
                  recorded in the Firewall log.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                  
   Issue 8:       [DSSEG-2975]
                  When Anti-Malware was enabled on Linux, Deep Security 
                  Agent would not stop the service gracefully.
   
   Solution 8:    This issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~                  

Deep Security Agent Windows

2. What's New
========================================================================

   2.1 Enhancements
   =====================================================================
   The following enhancement(s) are included in this release:
   
   Enhancement 1: [DSSEG-3023]
                  The version of zlib used by the Deep Security Agent
                  has been updated to zlib-1.2.11.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Enhancement 2: [DSSEG-2982]
                  The URL for the Trend Micro corporate site has changed
                  from http://www.trendmicro.co.jp/ to
                  https://www.trendmicro.com/. Deep Security has been
                  updated to point to the new URL where necessary.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Enhancement 3: [DSSEG-2971]
                  The version of curl used by the Deep Security Agent
                  has been updated to curl-7.61.1.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Enhancement 4: [DSSEG-2524/SF00908235/SEG-30932]
                  When a cookie is detected as spyware, the related
                  Anti-Malware event now contains the file path of the
                  cookie. To see this information, double-click the
                  event on the "Anti-Malware Events" page and go to
                  "Spyware Items". The path of the cookie is displayed
                  in the "Object" field.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
   Enhancement 5: [DSSEG-3090/DSSEG-2936/SEG-37605]
                  This release updates the Anti-Malware scan engine to
                  the latest version.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Enhancement 6: [DSSEG-2916]
                  Deep Security Agent 11.0 Update 4 is supported on
                  Windows 10 version 1809 (RS5).
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


   2.2 Resolved Known Issues
   =====================================================================
   This release resolves the following issue(s):
   
   Issue 1:       [DSSEG-3012]
                  An unactivated Deep Security Agent could reach 100%
                  CPU usage when handling a long HTTPS request.
   
   Solution 1:    The issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 2:       [DSSEG-2877/00386295/00461478/573707/00487753/SEG-5825]
                  Users who are not using a local Smart Protection
                  Server (SPS) reported many dropped retransmit
                  "rxjammed" events in the Firewall when using Web
                  Reputation Service, which caused the Firewall logs to
                  fill up.
   
   Solution 2:    Dropped Retransmit "rxjammed" events are no longer
                  recorded in the Firewall log.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 3:       [DSSEG-2830/SEG-34494/SEG-36247/SF01099702]
                  The Deep Security Agent Anti-Malware kernel driver
                  sometimes caused a system crash in high-stress
                  conditions and could also cause certain processes to
                  use high amounts of CPU and memory.
   
   Solution 3:    This issue is fixed in this release.
   
   Note 3:        The kernel driver update requires the system to reboot
                  if the target platform is higher than Windows 7 (for
                  example, Windows 8, Windows 2012, etc.)
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deep Security Notifier

2. What's New
========================================================================

   2.1 Enhancements
   =====================================================================
   The following enhancement(s) are included in this release:
   
   Enhancement 1: [DSSEG-3023]
                  The version of zlib used by the Deep Security Agent
                  has been updated to zlib-1.2.11.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Enhancement 2: [DSSEG-2982]
                  The URL for the Trend Micro corporate site has changed
                  from http://www.trendmicro.co.jp/ to
                  https://www.trendmicro.com/. Deep Security has been
                  updated to point to the new URL where necessary.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Enhancement 3: [DSSEG-2971]
                  The version of curl used by the Deep Security Agent
                  has been updated to curl-7.61.1.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Enhancement 4: [DSSEG-2524/SF00908235/SEG-30932]
                  When a cookie is detected as spyware, the related
                  Anti-Malware event now contains the file path of the
                  cookie. To see this information, double-click the
                  event on the "Anti-Malware Events" page and go to
                  "Spyware Items". The path of the cookie is displayed
                  in the "Object" field.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
   Enhancement 5: [DSSEG-3090/DSSEG-2936/SEG-37605]
                  This release updates the Anti-Malware scan engine to
                  the latest version.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Enhancement 6: [DSSEG-2916]
                  Deep Security Agent 11.0 Update 4 is supported on
                  Windows 10 version 1809 (RS5).
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


   2.2 Resolved Known Issues
   =====================================================================
   This release resolves the following issue(s):
   
   Issue 1:       [DSSEG-3012]
                  An unactivated Deep Security Agent could reach 100%
                  CPU usage when handling a long HTTPS request.
   
   Solution 1:    The issue is fixed in this release.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 2:       [DSSEG-2877/00386295/00461478/573707/00487753/SEG-5825]
                  Users who are not using a local Smart Protection
                  Server (SPS) reported many dropped retransmit
                  "rxjammed" events in the Firewall when using Web
                  Reputation Service, which caused the Firewall logs to
                  fill up.
   
   Solution 2:    Dropped Retransmit "rxjammed" events are no longer
                  recorded in the Firewall log.
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   
   Issue 3:       [DSSEG-2830/SEG-34494/SEG-36247/SF01099702]
                  The Deep Security Agent Anti-Malware kernel driver
                  sometimes caused a system crash in high-stress
                  conditions and could also cause certain processes to
                  use high amounts of CPU and memory.
   
   Solution 3:    This issue is fixed in this release.
   
   Note 3:        The kernel driver update requires the system to reboot
                  if the target platform is higher than Windows 7 (for
                  example, Windows 8, Windows 2012, etc.)
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~